Jille wrote:
>
>
> pete wrote:
>> Hello,
>>
>> Anybody running peruser with mod_security?
>>
>> I'm having a strange issue with this combo.
>> I guess it has something to do with peruser.
>> My error_log(s) are filling with "global mutex - permission denied".
>> Still, it looks like every site running on this server is working properly.
>> So it's not fatal, but I don't like that error :)
>>
>> -------------------------------------------------------------------------------------------
>> [Wed Aug 20 14:47:26 2008] [error] [client 192.194.76.43] ModSecurity: Audit log: Failed to lock global mutex: Permission denied [hostname "www.domain.info"] [uri "/keskustelu/index.php"] [unique_id "xLRtEX8AAAEAAG8gaOkAAAFl"]
>> [Wed Aug 20 14:47:26 2008] [error] [client 192.194.76.43] ModSecurity: Audit log: Failed to unlock global mutex: Permission denied [hostname "www.domain.info"] [uri "/keskustelu/index.php"] [unique_id "xLRtEX8AAAEAAG8gaOkAAAFl"]
>> -------------------------------------------------------------------------------------------
>>
>> As the other part of this message, I would like to ask about chroot capabilities inside peruser. Is anyone using this feature in production?
>>
>> I tried it quickly, but of course it wants /bin, /etc and so on.
>> Does anybody have a good list of the files it needs?
>>
> You can just add a base install; that will have all files it wants at least. And without sensitive data.
> Note that you might also want to install php (etc) to that chroot, because it depends on its own libs ;)

Yea. But this environment is shared web hosting and everyone has a quota. So if I install a base install for everyone, I'm going to lose about 25GB of disc space, right? Not an option :) And nope, I don't want to install PHP and so on for every customer.

>> Sites are actually working well, but it needs at least /etc/hosts.
>>
> I think it wants /etc/resolv.conf even more ;)

Tested before the first message. Doesn't do the trick. I read somewhere that it needs some library.

>> And it looks like it does not support DNS at all. I guess it needs some shared lib?
>>
>> Is there any way to get around the mysqld.sock errors?
>> That sock of course is in /var/run/mysql, and after chroot the user has no right to go outside the chroot. I could do a hard link, but every time I reboot apache I needed to do that hard link again. Not an option :/
>>
> Can't you add the hardlink commands to the mysqld (not apache ;)) startup scripts ?

Typo there :) Sure I can, but dude. There are about 200-250 customers / server. Besides that, it kind of sounds like a noob system..

Regards,
Pete
_______________________________________________
Peruser mailing list
[email protected]
http://www.telana.com/mailman/listinfo/peruser
